Security Vulnerabilities
- CVEs Published In September 2019
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.